Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/06/19 8:46 p.m.6 views

CoreWCF: WS-Security signature substitution via document-wide Signature lookup

Impact An unauthenticated remote attacker who can place a SOAP header lexically before wsse:Security can embed a ds:Signature of their choosing inside that header and cause the server to verify the attacker-supplied signature instead of the one carried in the security header. Preconditions...

5.9CVSS5.9AI score0.00238EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/19 8:46 p.m.6 views

Improper Verification of Cryptographic Signature

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature...

8.2CVSS5.9AI score0.00238EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 8:46 p.m.11 views

GHSA-JC6X-RJ79-W4MX CoreWCF: WS-Security signature substitution via document-wide Signature lookup

Impact An unauthenticated remote attacker who can place a SOAP header lexically before wsse:Security can embed a ds:Signature of their choosing inside that header and cause the server to verify the attacker-supplied signature instead of the one carried in the security header. Preconditions...

5.9CVSS5.9AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51070

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description WS-Security signature verification performs a document-wide ds:Signature lookup. An unauthenticated remote attacker can place a SOAP header before wsse:Security and...

5.9CVSS6AI score0.00238EPSS
Exploits0References12
Rows per page
Query Builder